Function install_fips_crypto_provider 

pub fn install_fips_crypto_provider() -> Result<(), CoolError>

Crypto provider selection: banks running on FIPS-validated hardware enable the crypto-aws-lc-rs feature. This function surfaces an error early when the feature is missing, so the wrong build can’t slip into a regulated production cluster.

Operational steps for a real FIPS deployment (out of scope for the framework itself):

  1. Build with --features crypto-aws-lc-rs.
  2. Use an aws-lc-rs/rustls build configured against the vendor’s FIPS-validated libcrypto.
  3. Call install_fips_crypto_provider from your service’s main before any TLS-using code runs.
  4. Pin the binary’s cargo audit report and the validated module’s certificate id in your release process.
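
The fail-closed startup order from step 3, as an added sketch that is not the framework's own source. `StartupError` (standing in for `CoolError`), `PROVIDER`, `install_into` and `install_fips_provider_sketch` are hypothetical names, and the "provider already installed" check is an assumption that models a TLS stack's process-wide provider slot.

```rust
use std::sync::OnceLock;

/// Hypothetical stand-in for the crate's `CoolError`.
#[derive(Debug, PartialEq)]
pub enum StartupError {
    FipsFeatureMissing,
    ProviderAlreadyInstalled(&'static str),
}

/// Models a TLS stack's process-wide default-provider slot (assumption).
static PROVIDER: OnceLock<&'static str> = OnceLock::new();

/// Core check, with the build flag passed in so both outcomes can be exercised.
pub fn install_into(
    slot: &OnceLock<&'static str>,
    fips_built: bool,
) -> Result<(), StartupError> {
    if !fips_built {
        // Fail closed: never fall back to a non-validated provider.
        return Err(StartupError::FipsFeatureMissing);
    }
    // `set` fails when a provider is already in the slot, which means
    // TLS-using code ran ahead of this call (step 3 was violated).
    slot.set("aws-lc-rs").map_err(|_| {
        StartupError::ProviderAlreadyInstalled(slot.get().copied().unwrap_or("unknown"))
    })
}

/// Compile-time gate on the feature named in step 1.
#[allow(unexpected_cfgs)] // the feature is declared in Cargo.toml in a real crate
pub fn install_fips_provider_sketch() -> Result<(), StartupError> {
    install_into(&PROVIDER, cfg!(feature = "crypto-aws-lc-rs"))
}

fn main() {
    // Step 3: first statement in main, before any TLS config or listener.
    if let Err(e) = install_fips_provider_sketch() {
        eprintln!("refusing to start: {e:?}");
        std::process::exit(1);
    }
    println!("FIPS provider installed; TLS setup may proceed");
}
```

Compiled without the feature, `main` exits with status 1 before any TLS setup, which is the early failure the description above refers to.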